Ai助理 Bb6cad

Security checks across malware telemetry and agentic risk

Overview

This skill does not appear malicious, but its AI memory-assistant label is mixed with unrelated CAD, gaming, product, and tutorial material plus very broad triggers, so it needs review before use.

Install only if you are comfortable with a low-capability but poorly scoped skill. It should be split or rewritten with one clear purpose and specific triggers before being used in an agent environment where accidental activation matters.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The file starts as an 'AI memory assistant' skill but later contains merged, unrelated CAD, gaming, and tutorial content under the same skill. This creates skill identity confusion, making it difficult for users and downstream systems to understand what will actually activate, which increases the chance of unintended invocation and unsafe behavior delegation.

Description-Behavior Mismatch

High
Confidence: 97%
Finding
The manifest claims a personal AI memory assistant, but most of the body describes unrelated Bilibili-derived CAD, gaming, and tutorial topics. This mismatch is dangerous because users, orchestrators, or policy systems may trust the declared purpose while the actual skill behavior and activation surface are materially different, enabling misleading routing or policy bypass.

Vague Triggers

High
Confidence: 96%
Finding
The top-level trigger phrase includes highly generic terms such as 'AI助理', '个人', and 'AI', which are common in ordinary conversation. Such broad activation cues can cause accidental triggering during unrelated user requests, potentially invoking the wrong skill and exposing users to unintended behavior or instructions.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger scenario says the skill may activate when users mention broad concepts like 'AI助理' or '个人' or generally need related help, without clear boundaries. This ambiguity makes accidental or overbroad activation more likely, especially in a shared assistant environment where routing decisions depend on precise scope.

Vague Triggers

High
Confidence: 98%
Finding
Using '3382' as an activation cue is unsafe because it is a short, generic numeric token that can appear in many benign contexts such as model numbers, codes, examples, or IDs. This makes false activation highly likely and could route users into an unrelated merged skill without meaningful intent match.

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase 'AutoCAD' is too broad because it is a common product name used in many ordinary support or discussion contexts. In this already semantically inconsistent file, such a broad trigger further increases the risk of accidental activation of the wrong merged content block.

VirusTotal

64/64 vendors flagged this skill as clean.